Regularly Test Security

Integrator Notes

Quarterly external vulnerability scans must be performed by a scan vendor qualified by the payment card industry. Scans conducted after network changes may be performed by the company’s internal staff. (See PCI-DSS Requirement 11 for more details.)